1. Home
  2. Cisco
  3. 300-715

Implementing and Configuring Cisco Identity Services Engine (SISE)

Exam Details

  • Exam Code
    :300-715
  • Exam Name
    :Implementing and Configuring Cisco Identity Services Engine (SISE)
  • Certification
    :CCNP Security
  • Vendor
    :Cisco
  • Total Questions
    :404 Q&As
  • Last Updated
    :Mar 28, 2025

Cisco CCNP Security 300-715 Questions & Answers

  • Question 61:

    An administrator needs to add a new third party network device to be used with Cisco ISE for Guest and BYOD authorizations. Which two features must be configured under Network Device Profile to achieve this? (Choose two.)

    A. TACACS

    B. SNMP community

    C. CoA Type

    D. dACL

    E. URL Redirect

  • Question 62:

    Which two probes provide IP-to-MAC address binding information to the ARP cache in Cisco ISE? (Choose two.)

    A. HTTP

    B. RADIUS

    C. DHCP

    D. DNS

    E. NetFlow

  • Question 63:

    An organization has a SGACL locally configured on a switch port, but when a user in the Executives group connects to the network, they receive a different level of network access than expected. When Cisco ISE pushes SGACLs to the switch after the authorization phase, how does the switch decide which access to grant the user?

    A. Dynamically downloaded policies override local policies in all cases.

    B. Local policies override dynamically downloaded policies in all cases.

    C. The policies are merged, but local policies receive priority.

    D. The policies are merged, but dynamically downloaded policies receive priority.

  • Question 64:

    An administrator is configuring an AD domain to be used with authentication for endpoints and users within Cisco ISE. Which two steps are required to configure this to be used as an external identity store? (Choose two.)

    A. Add an Authentication Joint Point.

    B. Configure Authentication Domains.

    C. Configure Active Directory Schema.

    D. Configure Active Directory Domains.

    E. Add an Active Directory Join Point.

  • Question 65:

    An engineer is configuring Central Web Authentication in Cisco ISE to provide guest access. When an authentication rule is configured in the Default Policy Set for the Wired_MAB or Wireless_MAB conditions, what must be selected for the "if user not found" setting?

    A. ACCEPT

    B. DROP

    C. REJECT

    D. CONTINUE

  • Question 66:

    An administrator is configuring MAB and needs to create profiling policies to support devices that do not match the built-in profiles.

    Which two steps must the administrator take in order to use these new profiles in authorization policies? (Choose two.)

    A. Edit the authorization policy to give the profiles as a result of the authentication and authorization results

    B. Use the profiling policies as the matching conditions in each authorization policy

    C. Modify the endpoint identity group to feed the profiling policies into and match the parent group in the policy

    D. Configure the profiling policy to make a matching identity group and use the group in the authorization policy

    E. Feed the profiling policies into a logical profile and use the logical profile in the authorization policy

  • Question 67:

    An administrator must enable scanning for specific endpoints when they attempt to access the network. The scanning must be triggered as a result of successful authentication. Which action accomplishes this task?

    A. Modify the authorization policy to send init_endpoint_scan as a result to the authenticator.

    B. Create an authorization profile with scanning enabled and add it to the authorization policy that the endpoints will hit.

    C. Add an entry in the authentication conditions to allow only scanned endpoints access, then redirect everything else to the portal to initiate the scan.

    D. Configure the endpoint scanning probe to profile the endpoint correctly and assign it a risk score.

  • Question 68:

    A network engineer responsible for the switching environment must provision a new switch to properly propagate security group tags within the TrustSec inline method. Which CLI command must the network engineer enter on the switch to globally enable the tagging of SGTs?

    A. cts sxp enable

    B. cts manual

    C. cts role-based sgt-map

    D. cts role-based enforcement

  • Question 69:

    A client connects to a network and the authenticator device learns the MAC address 04:49:23:86:34:AB of this client. After the MAC address is learned, the 802.1 x authentication process begins on this port.

    Which ISE deployment mode restricts all traffic initially, applies a rule for access control if 802.1x authentication is successful, and can be configured to grant only limited access if 802.1 x authentication is unsuccessful?

    A. open mode

    B. monitor mode

    C. closed mode

    D. low-impact mode

  • Question 70:

    Which two statements regarding Zero Touch Provisioning (ZTP) on Cisco ISE are correct? (Choose two.)

    A. All passwords must be encrypted in the configuration file

    B. ZTP cannot be used if ICMP is blocked

    C. ZTP is only supported on VMWare

    D. ZTP is only supported on virtual appliances

    E. Linux is required to create the configuration image

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Cisco exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 300-715 exam preparations and Cisco certification application, do not hesitate to visit our Vcedump.com to find your solutions here.